Our commitment to you

Introduction

MIKIKI is committed to protecting the information that we hold about you. This privacy notice describes how, when, and why Christy Ann Limited (“we”) may use your information, as well as your rights in relation to this information. This privacy notice also gives you details around how others will use your personal data.

Information we hold about you

Information we hold about you will often come from you directly (e.g. when you purchase goods from our website). This will include the following:

your interactions with us, for example, through social media or other channels;

your digital devices where we perform various checks designed to ascertain and verify your residency to ensure we meet our regulatory obligations. These checks include identifying the IP address your device connects from and the collection of information about your use of the website or mobile app (including device type, operating system, screen resolution, and the way you interact with us);

publicly available information about you which is available online or otherwise;

organisations that provide their own data, or data from other third parties, to enable us to enhance the personal data we hold, and then provide more relevant and interesting products and services to you;

people appointed to act on your behalf; and

if you give us personal data about other people (such as dependants or joint account holders) which we’ll use to provide goods or services, or if you ask us to share that information with third parties, for example to provide payment initiation or account information services, then you confirm that you know that they are aware of the information in this notice about how we will use their personal data.

What we use your information for and the legal basis for doing so

We must have a legal basis to process your personal data. In most cases, the legal basis will be one of the following:

to allow us to take actions that are necessary in order to provide you with the goods / service (performance of a contract), for example, to make and receive payments;

to allow us to comply with our legal obligations;

to meet our legitimate interests, for example, to understand how customers use our services / purchase our goods, as well as improve the service we currently provide;

where we have your consent to do so; or

in the case of special categories of personal data, that it is in the substantial public interest.

The table below sets out the purposes for which we use your personal data and our legal basis for doing so. Where we are relying on a legitimate interest, these are also set out below:

What we use your information for:

The legal basis for doing so:

to allow us to take actions that are necessary in order to provide you with the goods / service (performance of a contract), for example, to make and receive payments;

where necessary for the performance of our agreement or to take steps to enter into an agreement with you; where the law requires this; where it is in our legitimate interests to ensure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, to protect our business interests and the interests of our customers.

to allow us to comply with our legal obligations;

where necessary for the performance of our agreement or to take steps to enter into an agreement with you; where the law requires this.

to meet our legitimate interests, for example, to understand how customers use our services / purchase our goods, as well as improve the service we currently provide;

where necessary for the performance of our agreement or to take steps to enter into an agreement with you; where it is in our legitimate interests to develop and improve our products and services to ensure we can continue to provide products and services that our customers want and to ensure our business model remains competitive.

to contact you with marketing and offers relating to goods and services offered by us (unless you have opted out of marketing, or we are otherwise prevented by law from doing so)

where it’s in our legitimate interests to provide you with information about our goods and services that may be of interest; in relation to direct electronic marketing, where we have your consent to do so.

we may share some personal data (e.g. mobile number or email address) in an encrypted format with social media companies so that they can match this to personal data they already hold in order for them to display messages to you about our products and services.

where it’s in our legitimate interests to provide you with information about our products and services that may be of interest.

to comply with regulatory and legal obligations to which we are subject and cooperate with regulators and law enforcement bodies.

where the law requires this; where it is in our legitimate interests to protect our business; for the use of sensitive data (see below), where it is in the substantial public interest.

to personalise the marketing messages we send you to make them more relevant and interesting.

where it is in our legitimate interests to provide customers with information more relevant to their circumstances.

to undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify your identity before we provide services to you.

where necessary for the performance of our agreement or to take steps to enter into an agreement with you; where the law requires this; where it is in our legitimate interests to detect, prevent and investigate fraud, money laundering and other crimes and to verify your identity in order to protect our business.

When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.

Special categories of data

Some of the information we collect falls within special categories of personal data (also known as sensitive personal data). In particular, we may process personal data that relates to your health (such as medical history), biometric data, and any criminal convictions and offences. Where we process such sensitive personal data, we will usually do so on the basis that it is necessary for reasons of substantial public interest, to establish, exercise or defend any legal claims, or in some cases, with consent. In any case, we will carry out the processing in accordance with applicable laws.

Keeping you in control of your data

We take care to protect your data and ensure that we allow you to control the information you share with us.

Giving you control and flexibility over your data

We give you control and flexibility to update your marketing preferences. We will only contact you with offers of goods and services that you have requested or those that are similar to goods and services you have purchased before.

It’s important to us that your personal details are kept up to date. We will give you opportunities to update your personal details that we hold on you and we’ll always make it easy for you to change your mind about how we contact you.

How we use your personal data and providing useful and timely information

We use your data to ensure we process your transactions safely and securely. It can also help us to personalise your experience. Data can also help us to focus on the needs of specific customers.

Whether it’s to deliver goods or services to you and others, or to follow legal requirements, we’ll always be clear and open with you about how and why we’re using your data. And if you need more detail, we’ll always keep our privacy notices where you can find them easily.

Who will we share your information with?

We will keep your information confidential but we may share it with third parties (who also have to keep it secure and confidential) under the following circumstances:

Independent third-party service providers who you (or a third party properly authorised to give instructions on your account) ask us to share information with. If such information is shared with these third parties, we will have no control over how that information is used. You (or the person(s) with authority over your account) will need to agree the scope of such use directly with the third party;

Our service providers and agents (including their sub-contractors);

We may share your personal data with our business partners who we provide services with. We may also share information with other service providers and agents who provide the services on their behalf;

Any third party after a restructure, sale or acquisition of a MIKIKI company or debt, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both);

Anyone to whom we transfer or may transfer our rights and duties in this agreement;

Social media companies (data shared in an encrypted format so that they can match this to personal data they already hold) to display messages to you about our goods and services;

Your advisers (such as accountants, lawyers, financial or other professional advisers) if you have authorised anyone like this to represent you;

UK and overseas regulators, law enforcement agencies and authorities in connection with their duties, such as crime prevention (whether directly or via third parties such as credit reference agencies), or carrying out social or economic statistical research. This may include payment details (including information about others involved in the payment);

Fraud prevention agencies. In particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations (in the UK or abroad), including law enforcement agencies, to access this information to prevent and detect fraud or other crimes. You can ask us for the details of the fraud prevention agencies we share information with.

Your Rights

You have certain rights regarding your personal data, subject to local law. Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular data we hold on you. Manage your data requests and the information you receive from us. These rights include the following:

Marketing Choices

We may use personal data, such as your email address or recent transactions, to send you information on products and services that we think you’ll be interested in. You can choose whether you’d like to receive this information and how you’d like to hear from us.

Sometimes, we’ll send information to you by email and text message, through notifications on your mobile phone, through our website and apps or by post. Your data helps us to make sure these messages are relevant to you.

You may also see information about our products and services on social media apps and websites. We use secure processes to match the details you share with these platforms and with us, so we can show you more relevant messages.

You can choose how we contact you with information like this.

Social media marketing

You can ask us to stop processing your data in this way. You may still see some generic promotions from us and from other companies but some social media providers will allow you to turn off messages from certain third parties.

Object to data processing

If you would like more information on these rights, or wish to exercise them, please submit a request to [email protected].

Move your data

If you would like more information on these rights, or wish to exercise them, please submit a request to [email protected].

Request your data

If you would like more information on these rights, or wish to exercise them, please submit a request to [email protected].

Please contact us to update or correct your information if it changes or if the personal data we hold about you is inaccurate.

Check or update your data

If you would like more information on these rights, or wish to exercise them, please submit a request to [email protected].

Request data deletion

If you would like more information on these rights, or wish to exercise them, please submit a request to [email protected].

Request data restrictions

If you would like more information on these rights, or wish to exercise them, please submit a request to [email protected].

International data transfer

When we share information with organisations in another jurisdiction, we will ensure they agree to apply equivalent levels of protection for personal data as we do. If this is not possible – for example because we are required by law to disclose information – we will ensure the sharing of that information is lawful. Also, if they are not in a jurisdiction that the European Commission regards as having adequate levels of protections for personal data, we will put in place appropriate safeguards (such as contractual commitments), in accordance with applicable legal requirements, to ensure that your data is adequately protected.

If you ask us to share information with third parties (either in the UK or in another country), we will rely on your request (whether direct or indirect) to share the relevant information. We don’t have control over such third-party practices. We recommend that you (or the person(s) with authority over your account) consider the information-handling practices of that third party before requesting their services by reading their privacy notices or contacting them to ensure you are comfortable with how they will handle your information.

Retention of your Data

We will keep your personal data for as long as we have a relationship with you. Once our relationship with you has come to an end (e.g. following closure of your account or following a transaction), we will only retain your personal data for a period of time that is calculated depending on the type of personal data, and the purposes for which we hold that information.

We will only retain information that enables us to:

Maintain business records for analysis and/or audit purposes;

Comply with record retention requirements under the law (for example, as required under legislation concerning the prevention, detection and investigation of money laundering and terrorist financing);

Defend or bring any existing or potential legal claims;

Maintain records of anyone who does not want to receive marketing from us;

Deal with any future complaints regarding the services we have delivered;

Assist with fraud monitoring; or

Assess the effectiveness of marketing that we may have sent you.

The retention period is often linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of your account or following a transaction. We will retain your personal data after this time if we are required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require your personal data to be retained, or for regulatory or technical reasons. If we do, we will continue to make sure your privacy is protected.

Automated Processing

The way we analyse personal data in relation to our services may involve profiling. This means that we may process your personal data using software that is able to evaluate your personal aspects. This is known as “automated decision-making” and is only permitted when we have a legal basis for this type of decision-making. We may make automated decisions about you:

where such decisions are necessary for entering into a contract;

where such decisions are required or authorised by law, for example for fraud prevention purposes; or

where it is a reasonable way of complying with government regulation or guidance, such as our high-level obligation to treat customers fairly.

You can contact us to request an automated decision to be reviewed by a human being.

Cookies

We may use cookies and similar technologies on our websites, mobile apps, and in our emails. Please see our Cookie Statement.

How to contact us

Please email [email protected] if you have any questions about our privacy notice or you would like more information on your rights, or wish to exercise them.

Christy Ann Limited is the ‘data controller’ for your personal data. This means it is responsible for deciding how we can use your personal data.

Changes to the privacy notice

A copy of this privacy notice can be requested from us using the contact details set out above. We may modify or update this privacy notice from time to time.

Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).